Search criteria
6 vulnerabilities found for lana_downloads_manager by lana
FKIE_CVE-2025-2048
Vulnerability from fkie_nvd - Published: 2025-04-01 06:15 - Updated: 2025-06-12 16:57
Summary
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server
References
| Source | URL | Tags |
|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/05c664e8-110e-4a31-8377-41a0422508a7/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| lana | lana_downloads_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lana:lana_downloads_manager:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "00E4FFE3-D3E9-49F2-AF9C-F93900ACB5C1",
"versionEndExcluding": "1.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server"
},
{
"lang": "es",
"value": "El complemento Lana Downloads Manager de WordPress anterior a la versi\u00f3n 1.10.0 no valida la entrada del usuario utilizada en una ruta, lo que podr\u00eda permitir a los usuarios con un rol de administrador realizar ataques de Path Traversal y descargar archivos arbitrarios en el servidor."
}
],
"id": "CVE-2025-2048",
"lastModified": "2025-06-12T16:57:25.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-04-01T06:15:48.350",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/05c664e8-110e-4a31-8377-41a0422508a7/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-2392
Vulnerability from fkie_nvd - Published: 2022-08-22 15:15 - Updated: 2024-11-21 07:00
Summary
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.
References
| Source | URL | Tags |
|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| lana | lana_downloads_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lana:lana_downloads_manager:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "6D28C45A-6BD0-46F1-9DE3-901EE80F03F0",
"versionEndExcluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with \"Contributor\" permissions or higher."
},
{
"lang": "es",
"value": "El plugin Lana Downloads Manager de WordPress versiones anteriores a 1.8.0, est\u00e1 afectado por una vulnerabilidad de descarga de archivos arbitraria que puede ser explotada por usuarios con permisos \"Contributor\" o superiores."
}
],
"id": "CVE-2022-2392",
"lastModified": "2024-11-21T07:00:53.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-22T15:15:15.013",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
CVE-2025-2048 (GCVE-0-2025-2048)
Vulnerability from cvelistv5 – Published: 2025-04-01 06:00 – Updated: 2025-04-01 14:58
Title
Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal
Summary
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server
Severity
4.1 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Lana Downloads Manager | Affected: 0, < 1.10.0 (semver) |
Credits
Bruno Oliveira - IncludeSecurity
WPScan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-2048",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T14:58:52.303722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T14:58:56.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lana Downloads Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.10.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bruno Oliveira - IncludeSecurity"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T06:00:05.541Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/05c664e8-110e-4a31-8377-41a0422508a7/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lana Downloads Manager \u003c 1.10.0 - Admin+ Arbitrary File Download via Path Traversal",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2025-2048",
"datePublished": "2025-04-01T06:00:05.541Z",
"dateReserved": "2025-03-06T14:33:00.667Z",
"dateUpdated": "2025-04-01T14:58:56.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2392 (GCVE-0-2022-2392)
Vulnerability from cvelistv5 – Published: 2022-08-22 15:03 – Updated: 2024-08-03 00:39
Title
Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download
Summary
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.
Severity
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Lana Downloads Manager | Affected: 1.8.0, < 1.8.0 (custom) |
Credits
Raad Haddad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:06.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lana Downloads Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8.0",
"status": "affected",
"version": "1.8.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with \"Contributor\" permissions or higher."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T15:03:01",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lana Downloads Manager \u003c 1.8.0 - Contributor+ Arbitrary File Download",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2392",
"STATE": "PUBLIC",
"TITLE": "Lana Downloads Manager \u003c 1.8.0 - Contributor+ Arbitrary File Download"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lana Downloads Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.8.0",
"version_value": "1.8.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with \"Contributor\" permissions or higher."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2392",
"datePublished": "2022-08-22T15:03:01",
"dateReserved": "2022-07-12T00:00:00",
"dateUpdated": "2024-08-03T00:39:06.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2048 (GCVE-0-2025-2048)
Vulnerability from nvd – Published: 2025-04-01 06:00 – Updated: 2025-04-01 14:58
Title
Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal
Summary
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server
Severity
4.1 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Lana Downloads Manager | Affected: 0, < 1.10.0 (semver) |
Credits
Bruno Oliveira - IncludeSecurity
WPScan
CVE-2022-2392 (GCVE-0-2022-2392)
Vulnerability from nvd – Published: 2022-08-22 15:03 – Updated: 2024-08-03 00:39
Title
Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download
Summary
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.
Severity
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Lana Downloads Manager | Affected: 1.8.0, < 1.8.0 (custom) |
Credits
Raad Haddad